> On the newest Androids it can also be exploited via Instant Apps directly from a web browser (installation of an app is not required).
It actually was a mistake; services can be accessed by Instant Apps only when https://developer.android.com/reference/android/R.attr.html#visibleToInstan…